Wanawiki is the WannaCry fix that might save affected PCs—if you work fast

Mark Hachman |
May 22, 2017

To give the wanawiki tool a fighting chance, though DO NOT REBOOT YOUR PC.

If you own a Windows XP or Windows 7 PC that's been hit by the WannaCry ransomware, there's good news: French researchers have created a software utility called wanawiki that can potentially unlock an infected PC.

Matt Suiche, the founder of CloudVolumes and Comae, published a blog post that describes how Benjamin Delpy's wanawiki tool works: It sniffs out the prime numbers used by the ransomware to reconstruct the key used to encrypt your PC. Once the wanawiki tool is run, the software can basically generate the key, and the tool will then unlock the encypted files.

There's a catch: To give the tool a chance to reconstruct the key, the infected PC cannot be rebooted. Also, wanawiki needs to be run as soon as possible, because the prime numbers the ransomware uses may be overwritten over time, Suiche wrote. Users with PCs infected by WannaCry need to download the tool, run it, and "pray" the prime numbers haven't been overwritten, according to Suiche.

Over time, the fix has been proven to work on infected PCs running Windows XP and Windows Server 2003, as well as Windows 7. It's assumed, but not proven, that wanawiki will also unlock PCs running every OS version between Windows XP and Windows 7, including Windows Vista, Suiche wrote. Windows 10 PCs remain unaffected by WannaCry.

According to Suiche, who collaborated with Delpy on the wanawiki tool, the software recreates the .DKY files that Wannacry looks for and also prevents the creation of new encrypted files. (This GIF file shows how the process works.)

Though reports have claimed that slightly more than 200,000 PCs have been infected, the number has steadily increased in the seven days during which WannaCry has circulated. What makes WannaCry so serious is the type of PCs that have been affected: generally PCs at businesses and public agencies like the U.K.'s National Health Service that spend their budget on technologies to assist patients, rather than IT.

In the meantime, Microsoft has released its own patch to thwart WannaCry. Experts have warned, however, that WannaCry itself isn't that sophisticated, and further exploits will spread using a vulnerability released by a group calling themselves the Shadow Brokers.

Why this matters: Recently, a group of security experts convened a day-long panel recently to provide advice to consumers on how to combat ransomware. One of the steps was to sit tight while experts worked on a solution. That's what makes another step so important: If you've backed up files onto another, disconnected storage medium, you'll be able to recreate at least part of the work that was lost.